<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ page import="java.sql.*"%> 
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'checkrand.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  
  <body>
  <% 
    String url="jdbc:mysql://127.0.0.1:3306/bookstore?user=root&password=dlg89757";
    Class.forName("com.mysql.jdbc.Driver");
    Connection Con=DriverManager.getConnection(url);
    String username=request.getParameter("username");
    String password=request.getParameter("passwd");
    //把验证码保存到session中
    String rand = (String)session.getAttribute("rand"); 
    String input = request.getParameter("rand"); 

    if (rand.equals(input))
    {
        Statement stm= null;
        ResultSet rs =null;
        String sql ="select * from bookstore where username='"+username+"' and password='"+password+"'";
        stm = Con.createStatement();
        rs = stm.executeQuery(sql);
        if(rs.next())
        {
            session.setAttribute("username",username);
            out.println("登陆成功！");

        }
        else
        {
            out.println("用户名或密码错误！<a href=\"http://127.0.0.1:8080/bookstore/login.jsp\">点击返回登陆页面</a>");
        }
    }
    else
      {
      //验证码不正确
      out.print("验证码错误！<a href=\"http://127.0.0.1:8080/bookstore/login.jsp\">点击返回登陆页面</a>");
      
      }
%> 
  </body>
</html>
